IOC Report
14531.exe


Files

| File Path | Type | Category | Malicious |
|---|---|---|---|
| 14531.exe | PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows | initial sample | malicious |
| C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\b01bafee67b4e3a4b4846a4df843c25bWindows Update.exe | PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows | dropped | malicious |
| C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\b01bafee67b4e3a4b4846a4df843c25bWindows Update.exe:Zone.Identifier | ASCII text, with CRLF line terminators | modified | malicious |
| C:\Users\user\AppData\Roaming\app | Unicode text, UTF-8 (with BOM) text, with no line terminators | dropped | |
| \Device\ConDrv | ASCII text, with CRLF line terminators | dropped | |

Processes

| Path | Cmdline | Malicious |
|---|---|---|
| C:\Users\user\Desktop\14531.exe | "C:\Users\user\Desktop\14531.exe" | malicious |
| C:\Windows\SysWOW64\netsh.exe | netsh firewall add allowedprogram "C:\Users\user\Desktop\14531.exe" "14531.exe" ENABLE | malicious |
| C:\Windows\System32\conhost.exe | C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 | |

Domains

| Name | IP | Malicious |
|---|---|---|
| morning-ultimately.gl.at.ply.gg | 147.185.221.26 | |

IPs

| IP | Domain | Country | Malicious |
|---|---|---|---|
| 147.185.221.26 | morning-ultimately.gl.at.ply.gg | United States | |

Registry

| Path | Value | Malicious |
|---|---|---|
| HKEY_CURRENT_USER\Environment | SEE_MASK_NOZONECHECKS | malicious |

Memdumps
